A client workstation provides a login address as an anonymous ftp (file transfer protocol) request, and a password as a user's e-mail address. A destination server compares the user's e-mail address provided as a password to a list of authorized users' addresses. If the user's e-mail address is located on the list of authorized users' addresses maintained by the destination server, the destination server generates a random number (X), and encrypts the random number in an ASCII representation using encryption techniques provided by the Internet Privacy Enhanced Mail (PEM) procedures. The encrypted random number is stored in a file in the user's anonymous directory. The server further establishes the encrypted random number as the one-time password for the user. The client workstation initiates an ftp request to obtain the encrypted PEM random number as a file transfer (ftp) request from the destination server. The destination server then sends the PEM encrypted password random number, as an ftp file, over the Internet to the client workstation. The client workstation decrypts the PEM encrypted file utilizing the user's private RSA key, in accordance with established PEM decryption techniques. The client workstation then provides the destination server with the decrypted random number password, which is sent in the clear over the Internet, to login to the destination server. Upon receipt of the decrypted random number password, the destination server permits the user to login to the anonymous directory, thereby completing the user authentication procedure and accomplishing login.

31 Claims, 4 Drawing Sheets 
METHOD AND APPARATUS FOR SECURE REMOTE AUTHENTICATION IN A PUBLIC NETWORK

This is a continuation of application Ser. No. 08/253,802, filed Jun. 3, 1994, now U.S. Pat. No. 5,604,803.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to methods and apparatus for providing remote user authentication in a public network. More particularly, the present invention provides methods and apparatus for remote authentication using a one-time password scheme having a secure out-of-band channel for initial password delivery.

2. Art Background

Over the past few years, the networking of computers for electronic mail (e-mail) communication and data transfer has grown from simple local area networks to a global network referred to as the "Internet". The Internet comprises a spiderweb of networks which criss-cross the globe and permit users to send and receive e-mail messages, transfer data and access remote data bases between computers coupled to servers. In addition to fixed positions on the Internet, computer systems, such as for example, lap top computers, may be physically moved from one location on the network to another. Wireless links coupling the computers to the Internet, such as direct satellite links, also permit users to access the Internet from remote areas.

As the number of users on the Internet has grown, so have concerns regarding network security. Many businesses and government organizations utilize the Internet for the transfer of business information, government project data and other information which may be considered confidential. Due to the size and complexity of the Internet, the opportunity for an intruder to intercept messages and gain access to confidential information has become a significant concern. The Internet community has established message encryption and authentication procedures for Internet electronic mail. These encryption and authentication procedures are known as privacy enhanced mail (PEM). The PEM protocol establishes procedures to provide for enhanced privacy in e-mail services over the Internet. The PEM protocol is intended to be compatible with a wide range of key management approaches including symmetric (secret key) and asymmetric (public key) approaches for the encryption of data encrypting keys. Privacy enhanced mail services assure message integrity, and are offered through the use of end-to-end cryptography between originator and recipient processes at or above the user level. No special processing requirements are imposed on the message transfer system at endpoints or at intermediate relay sites on the Internet. The reader is referred to the PEM RFC documents, which are incorporated herein by reference, entitled "Privacy Enhancement for Internet Electronic Mail", Parts I-IV, RFCs 1421-1424, available on the Internet at /home/internet/rfcs on files rfc1421-rfc1424 (hereinafter at times referred to as "PEM Protocols").

However, although privacy enhanced mail service is available on the Internet, all current applications on the Internet (commonly referred to as "legacy" applications), such as Telnet, File Transfer Protocol ("ftp"), and the like, use simple authentication having reusable passwords. Although it is generally understood that strong authentication using crypto-techniques would provide enhanced password security on the Internet, retrofitting the existing installed base of network applications with such a strong authentication mechanism would take some period of time. In the interim, an intruder can monitor the network and intercept passwords transmitted over the Internet. Since all passwords are currently transmitted from user to a remote server in unencrypted ("clear") form, Internet users are vulnerable to an intruder determining their password, and later logging on to a server utilizing the stolen password of a legitimate user. In fact, there have been cases where intruders have tapped the Internet at well known public sites and have accumulated passwords. Thus, the Internet must be viewed as a large insecure channel in which passwords are transmitted in the clear, and may be acquired by unauthorized parties.

As will be described, the present invention provides methods and apparatus to permit an Internet user to acquire a password which is good for only a one time use. Through the use of the existing privacy enhanced mail system on the Internet, the present invention ensures that only the legitimate user can gain access to the password. Moreover, as will be described, the present invention does not require the retrofitting of existing applications and computers with a strong authentication mechanism.

SUMMARY OF THE INVENTION

The present invention provides an improved method and apparatus for user authentication in a network environment between a client computer ("workstation") and a remote destination server coupled to a network. A user operating the workstation provides a login address as an anonymous ftp (file transfer protocol) request, and a password as the user's e-mail address. The destination server compares the user's e-mail address provided as a password to a list of authorized users' addresses. If the user e-mail address provided is not on the destination server's list of authorized user addresses, then the user login request is automatically denied. If the user's e-mail address is located on the list of authorized users' addresses maintained by the destination server, the destination server generates a random number (X), and encrypts the random number in an ASCII representation using encryption techniques provided by the Internet Privacy Enhanced Mail (PEM) message encryption and authentication procedures. The encrypted random number is stored in a file in the user's anonymous directory. The server further establishes the encrypted ASCII representation of the random number as the one-time password for the user. The client workstation initiates an ftp request to obtain the encrypted PEM random number as a file transfer (ftp) request from the destination server. The destination server then sends the PEM encrypted password random number, as an ftp file, over the Internet to the client workstation. The client workstation decrypts the PEM encrypted file utilizing the user's private RSA key, in accordance with established PEM decryption techniques. The client workstation then provides the destination server with the decrypted random number password, which is sent in the clear over the Internet, to login to the destination server. Upon receipt of the decrypted random number password, the destination server permits the user to login to the anonymous directory, thereby completing the user authentication procedure and accomplishing login. The destination server removes the random number password from its anonymous directory, such that any future login attempt requires a new random number password. Additionally, the destination server deems the random number password valid only for a predetermined time period (t), such that any delay beyond the time period (t) in accomplishing the login by the client workstation results in a timeout, and invalidation of the random number password. In the event of a timeout, the user must obtain a new random number password from the destination server in accordance with the method of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a workstation used to communicate with other workstations over a network and incorporating the teachings of the present invention.

FIG. 2 conceptually illustrates the Internet network.

FIG. 3 is a flow chart illustrating the sequence of steps executed by a user's workstation of the type illustrated in FIG. 1.

FIG. 4 is a flow chart illustrating the sequence of steps for the present invention's privacy enhanced mail based user authentication system, executed by a server data processing device.

FIG. 5 is a diagrammatical illustration of the data paths utilized by the present invention for providing an encrypted password using privacy enhanced mail, and the use of the decrypted password sent over the Internet in accordance with the teachings of the present invention to accomplish login.

NOTATION AND NOMENCLATURE

The detailed descriptions which follow are presented largely in terms of symbolic representations of operations of data processing devices coupled to a network. These process descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art.

An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities may take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, displayed and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, operations, messages, terms, numbers, or the like. It should be borne in mind, however, that all of these similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.

In the present invention, the operations referred to are machine operations. Useful machines for performing the operations of the present invention include general purpose digital computers (referred to herein as "workstations"), or other similar devices. In all cases, the reader is advised to keep in mind the distinction between the method operations of operating a computer and the method of computation itself. The present invention relates to method steps for operating a computer, coupled to a series of networks, and processing electrical or other physical signals to generate other desired physical signals.

The present invention also relates to apparatus for performing these operations. This apparatus may be specially constructed for the required purposes or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. The method/process steps presented herein are not inherently related to any particular computer or other apparatus. Various general purpose machines may be used with programs in accordance with the teachings herein, or it may prove more convenient to construct specialized apparatus to perform the required method steps. The required structure for a variety of these machines will be apparent from the description given below.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, numerous details are set forth, for example workstation system configurations, representative messages, servers, etc., to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well known circuits and structures are not described in detail in order to not obscure the present invention. Moreover, certain terms are used in this Specification and are considered to be terms of art. The use of language that amounts to personification of computer or electronic systems refers to the functions of the system as having human-like attributes. For example, a reference herein to an electronic system as "determining" something is simply a shorthand method of describing that the electronic system has been programmed or otherwise modified in accordance with the teachings herein. The reader is cautioned not to confuse the functions described with everyday human attributes. These functions are machine functions in every sense.

FIG. 1 illustrates a data processing system (hereinafter a "workstation") in accordance with the teachings of the present invention. The workstation includes a computer 10 which comprises three major components. The first of these is an input/output (I/O) circuit 12 which is used to communicate information in appropriately structured form to and from other portions of the computer 10. In addition, computer 10 includes a central processing unit (CPU) 13 coupled to the I/O circuit 12 and a memory 14. These elements are those typically found in most general purpose computers and, in fact, computer 10 is intended to be representative of a broad category of data processing devices. Also shown in FIG. 1 is a keyboard 15 to input data and commands into computer 10, as is well known. A network interface circuit 17 is also coupled to the computer 10 through I/O circuit 12, to permit the computer 10 to communicate with other workstations and servers over a network, such as for example, the Internet. A raster display monitor 16 is shown coupled to the I/O circuit 12 and is used to display images generated by CPU 13 in accordance with the present invention. Any well known variety of cathode ray tube (CRT) or other type of display may be utilized as display 16.

Referring now to FIG. 2, the Internet may be conceptually described as an open network generally referred to in the figure by the numeral 20, to which numerous servers 22, 24, 26 and 28 are coupled. Each of the respective servers is coupled to workstations 29, 31, 33 and 35, as shown. It will be appreciated that FIG. 2 is described for illustration purposes only, and that in reality the Internet includes many tens of thousands of servers and workstations. Additionally, although the Internet is illustrated in FIG. 2 as a single network, it will be appreciated that the Internet is actually a series of networks forming a spiderweb-like topology spanning virtually every continent in the world. As is well known, a user operating a workstation in, for example, Singapore, may send messages, access data and databases and execute a variety of functions over the Internet to, for example, a workstation located in Mountain View, Calif.

In the operation of many networks, and in particular, the
Internet, a user operating for example workstation 29,
referred to as the "client workstation", may wish to access
a workstation 33 which, as illustrated, is coupled to the 
server 26. The server 26 is referred to in the industry as the 
"destination server" and the combination of client worksta- 
tion 29 and server 26 is known as the "client-server". 
Generally, in order for client workstation 29 to access 
destination server 26 and data which may be disposed at the 
server 26. or alternatively, at a workstation 33, it is necessary 
for the client workstation 29 to provide a password to the 
server 26. However, as previously noted, passwords are sent 
over the Internet 20 in "the clear" thereby giving intruders 
access to unencrypted passwords. Additionally, passwords 
are relatively easy to guess given a sufficiently powerful 
workstation eavesdropping at a node on the Internet. Once
an unencrypted password has been captured by an intruder 
the intruder may then access the network devices as an 
authorized user. Thus, the sending of passwords in the clear 
over the Internet provides an opportunity for a would be 
intruder to gain access to an authorized user's password, and 
thereby compromises network security. 

In accordance with the teachings of the present invention, 
assume for sake of example, that a client workstation 29 
desires to access a destination server 26 coupled to the 
Internet 20. In order to access the destination server 26 it is 
necessary for the client workstation 29 to login on the server 
26. The login by the client workstation 29 to server 26 is an 
authenticated login in accordance with the teachings of the 
invention. Traditionally, the client workstation 29 would 
simply provide a password to the destination server 26 in the 
clear over the Internet 20. However, for the reasons previously
described, the sending of a password in the clear
compromises network security and provides an unaccept- 
able opportunity for intrusion by third parties. One of the 
characteristics of the present invention is that its methodol- 
ogy operates In conjunction with existing network applica- 
tions. As previously described, one of the existing network 
applications on the Internet is privacy enhancement for
Internet electronic mail (PEM). Each of the servers (in FIG.
2, servers 22, 24, 26 and 28) coupled to the Internet 20
includes PEM, as does each of the workstations 29, 31, 33 
and 35. Generally, PEM is designed to receive a user name 
(e-mail address) and to fetch its corresponding public key 
certificate. In general, PEM provides public key cryptogra- 
phy for electronic mail messages, and security for the mail 
message itself, as opposed to the authentication of an 
authorized user. The detailed operation of privacy enhanced 
mail will not be described in this Specification, since it is 
well established and currently functioning on the Internet.
The reader is referred to the Internet documents, incorporated
by reference herein, entitled "Privacy Enhancement for
Internet Electronic Mail", parts I-IV (RFC 1421 through
1424), for a detailed description of PEM encryption and
authentication procedures. The present invention will be 
described herein as it relates to its operation in conjunction 
with the existing Internet PEM system. However, it will be 
appreciated that the present invention may be used in 
numerous other network environments in addition to the 
Internet.

Referring now to FIGS. 3 and 4 in conjunction with FIG. 
5, the operation of the present invention will be described in 
further detail. Assume for sake of example that a client 
workstation 40 (see FIG. 5) coupled to the Internet 20 
desires to login on a destination server 42. As shown in FIG. 
5, the client workstation 40 is coupled to a source server 44, and the destination server 42 is coupled to at least one workstation 46, as is common in Internet topology.

As illustrated in the flowchart of FIG. 3, the client workstation 40 through the source server 44 provides a login comprising an anonymous ftp, to the destination server 42. In addition, the client workstation 40 provides a password comprising the user's electronic mail name. Because the password file the server returns is PEM-encrypted to that user, the anonymous ftp exchange over the Internet 20 effectively provides a secure channel for delivering the password. This password is then used to secure another Internet connection. As illustrated in FIG. 4, the destination server 42 receives the login request comprising an anonymous ftp in conjunction with the user's e-mail address as a password. The destination server 42 compares the client workstation 40 electronic mail name to its list of authorized users. If the user's electronic mail name (in the present example, client workstation 40) is not on the list of authorized users, the client login request is rejected.

If the identified user is on the list of authorized users, then, as illustrated in FIG. 4, the destination server 42 generates a random number (X) which will be used as a one-time password. An ASCII representation of the random number is encrypted using the PEM algorithm, and is placed in a file in the user's anonymous directory using PEM encrypted message procedures. As shown in FIG. 4, the destination server 42 establishes the encrypted ASCII representation of the random number X as the one-time password for the user. It will be appreciated that the encrypted random number password is addressed only to the user operating workstation 40. Only the authorized user operating workstation 40 can decrypt the encrypted random number password. As illustrated in the flowchart of FIG. 3, the client workstation 40 does an ftp to obtain the encrypted PEM random number password from the destination server 42. The destination server 42 sends the encrypted PEM random number password to the workstation 40 over the Internet 20. Although an intruder can detect the encrypted random number password over the Internet 20, only the authorized user of workstation 40 can decrypt the random number password in accordance with the teachings of PEM. The workstation 40, using the PEM decryption methodology, decrypts the encrypted PEM file using the PEM user's private RSA key.

The reader is referred to the document, incorporated by reference herein, by Fahn, "Answers to Frequently Asked Questions about Today's Cryptography" (RSA Laboratories, 1992), submitted concurrent with the filing of the application on which this patent is based, and other references submitted, for a detailed description of RSA technology. Since the RSA technology is well known, it will not be described further herein.

As shown in the flowchart of FIG. 3, once the PEM encrypted random number password is decrypted by the client workstation 40 using its private key, the decrypted password is then supplied over the Internet 20 to the destination server 42 for login. For the actual login by the client workstation 40 to the destination server 42, the decrypted random number password is sent in the clear over the Internet 20 along with the user's e-mail address name. As shown in FIG. 4, the destination server 42 permits the user to login to the anonymous directory utilizing the one-time random number password within a predetermined time (t). Providing a predetermined time window in which to permit the client workstation 40 to login to the destination server 42 provides additional security.

In the event the time period (t) expires without the workstation 40 logging into the destination server 42 utilizing the decrypted random number password, then a time out occurs and the random number password is deemed invalid. In such event it is necessary for the user operating the client workstation 40 to acquire a new random number password utilizing the teachings described in this Specification with reference to FIGS. 3 and 4. Assuming that the user provides the decrypted random number password to the destination server 42 within the time interval (t), the destination server 42 permits the login and the user authentication process is completed. The destination server 42 then removes the random number X as a password for the user, thereby requiring any future logins by the workstation 40 to first obtain a new random number password. Thus, each login between a client and a server over the Internet requires a new password.

It will be appreciated that since the decrypted random number password provided by the client workstation 40 to the destination server 42 over the Internet 20 is sent in the clear, an intruder can detect this password during the login process. However, since the server 42 invalidates or removes the random number password after each successful login, or alternatively, after the time out of the interval (t), network security is not compromised. Even assuming an intruder intercepts the decrypted random number password over Internet 20, it is of no use to the intruder since it is only valid for a single login, and the login must occur during the predetermined time (t).
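The exchange of FIGS. 3 and 4 (the server side of claim 1 and the client side of claim 13) carried through in code, as an added example that is not part of the patent. Both sides are modelled in one Python module. PEM's RSA key management is replaced by a textbook RSA key pair generated in the block (unpadded, no certificate lookup), so the block demonstrates the protocol's state handling, not PEM itself; the authorized-user list, the addresses alice@example.test and bob@example.test, the 128-bit X, the interval t and the fake clock are all assumptions made for the demonstration. run_demo exercises the cases the text discusses: an address not on the list is refused, a listed address whose holder lacks the private key cannot recover X, the legitimate login succeeds, a replay of the captured cleartext X fails because the server has consumed it, and an X not presented within t is invalidated.

```python
# Added example, not the patent's code: re-enactment of the exchange in
# FIGS. 3-5. Textbook RSA generated below (no padding, no certificate lookup)
# stands in for PEM; user list, addresses and the fake clock are constructed.
import hmac
import secrets
import time

def _is_probable_prime(n, rounds=32):            # Miller-Rabin, n odd and > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=1024):                       # toy key pair ((n, e), (n, d))
    e, primes = 65537, []
    while len(primes) < 2:                       # two random half-size primes
        p = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _is_probable_prime(p) and p not in primes:
            primes.append(p)
    p, q = primes
    phi = (p - 1) * (q - 1)
    if phi % e == 0:                             # e is prime, so this means gcd(e, phi) != 1
        return rsa_keygen(bits)
    return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_encrypt(pub, data):                      # unpadded RSA; data must be shorter than n
    m = int.from_bytes(data, "big")
    return pow(m, pub[1], pub[0])                # (n, e) = pub

def rsa_decrypt(priv, c):
    m = pow(c, priv[1], priv[0])                 # (n, d) = priv
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class DestinationServer:                         # server side of FIG. 4
    def __init__(self, authorized, t, clock=time.monotonic):
        self.authorized = authorized             # e-mail -> public key (PEM: certificate)
        self.t, self.clock = t, clock
        self.anon_dir = {}                       # e-mail -> encrypted password file
        self.pending = {}                        # e-mail -> (X as ASCII bytes, expiry)

    def anonymous_ftp_login(self, email):        # step 1: e-mail address as the password
        pub = self.authorized.get(email)
        if pub is None:
            return False                         # not on the list: rejected
        x_ascii = str(secrets.randbits(128)).encode("ascii")
        self.pending[email] = (x_ascii, self.clock() + self.t)
        self.anon_dir[email] = rsa_encrypt(pub, x_ascii)   # readable only by that user
        return True

    def ftp_get(self, email):                    # step 2: client fetches the file by ftp
        return self.anon_dir.get(email)

    def login(self, email, password):            # step 3: X in the clear; once, within t
        x_ascii, expiry = self.pending.get(email, (None, 0))
        if x_ascii is None or self.clock() > expiry:
            self.pending.pop(email, None)        # never issued, already used, or timed out
            return False
        if not hmac.compare_digest(x_ascii, password):
            return False
        del self.pending[email]                  # consumed: the next login needs a new X
        return True

class ClientWorkstation:                         # client side of FIG. 3
    def __init__(self, email, priv):
        self.email, self.priv = email, priv

    def fetch_password(self, server):            # steps 1-2; None if the server refuses
        if not server.anonymous_ftp_login(self.email):
            return None
        return rsa_decrypt(self.priv, server.ftp_get(self.email))   # user's private key

    def authenticate(self, server):              # step 3: send X in the clear
        x_ascii = self.fetch_password(server)
        return x_ascii is not None and server.login(self.email, x_ascii)

def run_demo(t=60.0):                            # the cases the text discusses
    (pub, priv), (_, wrong_priv) = rsa_keygen(), rsa_keygen()
    clock = [0.0]                                # fake clock so the interval t is testable
    server = DestinationServer({"alice@example.test": pub}, t, lambda: clock[0])
    alice = ClientWorkstation("alice@example.test", priv)
    r = {"unlisted_rejected": not ClientWorkstation("bob@example.test", priv).authenticate(server),
         "wrong_key_rejected": not ClientWorkstation(alice.email, wrong_priv).authenticate(server)}
    x = alice.fetch_password(server)             # an eavesdropper sees x once it is sent
    r["legit_login"] = server.login(alice.email, x)
    r["replay_rejected"] = not server.login(alice.email, x)        # intruder replays X
    stale = alice.fetch_password(server)         # issued but not used within t
    clock[0] += t + 1
    r["timeout_rejected"] = not server.login(alice.email, stale)
    return r
```

Calling run_demo() returns a dictionary in which every case is True. Two points the text leaves implicit are visible here: the server compares the submitted password against the stored X with a constant-time comparison, and it consumes X only on a successful match or on expiry, so the residual exposure is exactly the one the text accepts, namely the interval between the client sending X in the clear and the server consuming it, which t bounds. With two 1024-bit key generations the demo takes about a second in CPython.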

Accordingly, a system and method for user authentication
in a public network is disclosed. While the present invention 
has been described in conjunction with a few specific 
embodiments identified in FIGS. 1-5, it will be apparent to 
those skilled in the art that many alternatives, modifications 
and variations in light of the foregoing description are 
possible. For example, although the present invention has 
been described with reference to user authentication in the 
Internet environment, it will be appreciated that the teach- 
ings of the present invention may be applied to any public 
or private network topology. 

I claim: 

1. A method for authentication of a remote user of a 
computer system, comprising the steps of: 

receiving a user identification code of said remote user
and determining if said user identification code is
authorized;

if said user identification code is authorized, generating a 
one time password, storing said one time password and 
encrypting said one time password to form an 
encrypted one time password; 

providing said encrypted one time password to said
remote user;

receiving from said remote user a decrypted one time 
password which is decrypted from said encrypted one 
time password, and comparing said decrypted one time 
password to said stored one time password, such that, 
if said received and stored one time passwords match, 
said remote user is authenticated. 

2. The method as in claim 1 wherein said step of gener- 
ating is configured to generate a random number as said one 
time password. 

3. The method as in claim 1 wherein if said decrypted one time password is not received within a predetermined time t from said remote user, said stored one time password is invalidated for further use.

4. The method as in claim 1 wherein the step of receiving a user identification code includes the step of receiving an anonymous ftp request from the user as a login.

5. A computer system which embodies authentication of a remote user, comprising:

an input and output device including an interface to the remote user;
a storage device; and
a processing device configured to:
receive a user identification code of said remote user via the interface;
determine if said user identification code is authorized;
if said user identification code is authorized, generate a one time password, store said one time password in said storage device and encrypt said one time password to form an encrypted one time password;
transmit via said interface said encrypted one time password to said remote user;
receive from said remote user a decrypted one time password which has been decrypted from said encrypted one time password, and compare said decrypted one time password to said stored one time password, such that, if said received and stored one time passwords match, said remote user is authenticated.

6. The computer system as in claim 5 wherein said processing device is further configured to generate a random number as said one time password.

7. The computer system as in claim 5 wherein said processing device is further configured such that if said decrypted one time password is not received within a predetermined time t from said remote user, said stored one time password is invalidated for further use.

8. The computer system as in claim 5 wherein said processing device is further configured to receive an anonymous ftp request from the remote user as a login.

9. A computer program product comprising:
a computer usable medium having computer readable code embodied therein that authenticates a remote user of a computer system, the computer readable code comprising:

a first module which is configured to receive a user identification code of said remote user and determine if said user identification code is authorized;
a second module, which is operatively coupled to the first module and which is configured to, if said user identification code is authorized, generate a one time password, store said one time password and encrypt said one time password to form an encrypted one time password;
a third module, which is operatively coupled to the second module and which is configured to provide said encrypted one time password to said remote user;
a fourth module, which is operatively coupled to the third module and which is configured to receive from said remote user a decrypted one time password which has been decrypted from said encrypted one time password, and compare said decrypted one time password to said stored one time password, such that, if said received and stored one time passwords match, said remote user is authenticated.

10. The computer program product as in claim 9 wherein said second module is further configured to generate a random number as said one time password.

11. The computer program product as in claim 9 wherein said second module is further configured to store said one time password for a predetermined time t, such that if said decrypted one time password is not received within said time t from said remote user, said stored one time password is invalidated for further use.
12. The computer program product as in claim 9 wherein
said first module is further configured to receive an anony-
mous ftp request from the user as a login.

13. A method of authentication of a user for access to a
remote computer system, comprising the steps of:

providing a user identification code of said user to said 
remote computer to be used to determine if said user 
identification code is authorized; 

if said user identification code is authorized, receiving an
encrypted one time password from said remote computer
which has been encrypted from a stored one time
password; and

decrypting said encrypted one time password and provid- 
ing said decrypted one time password to said remote 
computer, whereby the user is authenticated if said 
decrypted one time password matches said stored one 
time password.

14. The method as in claim 13 wherein said stored one 
time password is a random number. 

15. The method as in claim 13 wherein said step of 
providing said decrypted one time password requires said 
decrypted one time password be provided to said remote 
computer within a predetermined time t for which said 
stored one time password is stored at the remote computer, 
beyond which the remote computer would have invalidated 
said stored one time password for further use. 

16. The method as in claim 13 wherein said step of 
providing a user identification code includes the step of 
providing an anonymous ftp request as a login to the remote
computer.

17. A computer system which authenticates a user of the
system for access to a remote computer, comprising:

an input and output device including an interface to the
remote computer;
a storage device; and
a processing device configured to:
provide a user identification code of said user to said
remote computer system via said interface to be used
to determine if said user identification code is
authorized,

if said user identification code is authorized, receive via
said interface an encrypted one time password from
said remote computer which has been encrypted
from a stored one time password, and

decrypt said encrypted one time password and provide
said decrypted one time password to said remote
computer via said interface, whereby the user is
authenticated if said decrypted one time password
matches said stored one time password.

18. The computer system as in claim 17 wherein said 
stored one time password is a random number. 

19. The computer system as in claim 17 wherein said
processing device is further configured to provide an
anonymous ftp request to the remote computer as a login.

20. A computer program product comprising:

a computer useable medium having computable readable
code embodied therein for authenticating a user for
access to a remote computer system, the computer
readable code comprising:
a first module configured to provide a user identification
code of said user to said remote computer to be
used to determine if said user identification code is
authorized;

a second module which is operatively coupled to the
first module and which is configured to, if said user
identification code is authorized, receive an
encrypted one time password from said remote computer
which has been encrypted from a stored one
time password; and

a third module which is operatively coupled to the
second module and which is configured to decrypt
said encrypted one time password and provide said
decrypted one time password to said remote
computer, whereby the user is authenticated if said
decrypted one time password matches said stored
one time password.

21. The computer program product as in claim 20 wherein
said stored one time password is a random number.

22. The computer program product as in claim 20 wherein
said first module is further configured to provide an
anonymous ftp request to the remote computer system as a login.

23. A method for user authentication between a first
computer and a second computer, comprising the steps of:

providing from said first computer to said second computer
a user identification code identifying a user of
said first computer,

receiving by said second computer said user identification
code and determining if said user identification code is
authorized, such that if said user identification code is
authorized, said second computer
generates a one time password;
stores said one time password; and
encrypts said one time password to form an encrypted
one time password;

providing by said second computer said encrypted one
time password to said first computer;

decrypting by said first computer said one time password
and providing said decrypted one time password to said
second computer; and

comparing by said second computer said decrypted one
time password to said stored one time password, such
that, if said received and stored one time passwords
match, said user is authenticated.

24. The method as in claim 23 wherein said one time 
password generated by said second computer is a random 
number. 

25. The method as in claim 23 wherein said first computer 
also provides to the second computer an anonymous ftp 
request as a login along with said user identification code. 

26. A system for user authentication between a first
computer and a second computer, comprising:

an element included in said first computer which is
structured to provide to said second computer a user
identification code identifying a user of said first
computer,

an element included in said second computer which is
structured to receive said first request and determining
if said user identification code is authorized, such that
if said user identification code is authorized, said
second computer:

generates a one time password;

stores said one time password; and

encrypts said one time password to form an encrypted
one time password;

a transmission element included in said second computer
which is structured to provide said encrypted one time
password to said first computer,

a decrypting element included in said first computer
which is structured to decrypt said one time password
and providing said decrypted one time password to said
second computer; and

wherein said second computer compares said received
decrypted one time password to said stored one time
password, such that if said received and stored one
time passwords match, said user is authenticated.
27. The system as in claim 26 wherein the one time
password generated by the second computer is a random
number.

28. The system as in claim 26 wherein said element
included in said first computer which is structured to provide 
to said second computer said user identification code is also 
structured to provide to the second computer an anonymous 
ftp request as a login. 
29. A computer program product comprising:
a computer useable medium having computable readable
code embodied therein for user authentication between
a first computer and a second computer, the computer
readable code comprising:

a first module which is configured to provide from said
first computer to said second computer a user
identification code identifying a user of said first
computer,

a second module which is coupled to the first module
and which is structured to receive by said second
computer said user identification code and
determining if said user identification code is authorized,
such that if said user identification code is authorized,
said second computer:

generates a one time password;

stores said one time password; and

encrypts said one time password to form an encrypted
one time password;

a third module which is coupled to the second module
and which is structured to provide by said second
computer said encrypted one time password to said
first computer;

a fourth module which is coupled to the third module
and which is structured to decrypt by said first
computer said one time password and provide said
decrypted one time password to said second
computer; and

a fifth module which is coupled to the fourth module
and which is structured to compare by said second
computer said decrypted one time password to said
stored one time password, such that, if said received
and stored one time passwords match, said user is
authenticated.

30. The computer program product as in claim 29 wherein
said second module is further configured to generate a
random number as said one time password.

31. The computer program product as in claim 29 wherein
the first module is further configured to provide by the first
computer to the second computer an anonymous ftp request
as a login along with said user identification code.
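The exchange of claims 23 to 25, together with the predetermined time t of claims 11 and 15, as an added Python example that is not part of the patent: a hypothetical OtpServer generates, stores and encrypts the random number X, discards it after one verification attempt or once t has elapsed, and client_decrypt plays the client workstation; a constructed toy RSA key pair stands in for the user's PEM RSA key.

```python
import hmac
import secrets
import time

# Constructed toy RSA key pair standing in for the user's PEM RSA key (the primes
# are the 10,000th and 100,000th primes; real PEM keys are far larger and padded).
E = 65537
P, Q = 104729, 1299709
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PUB, PRIV = (E, N), (D, N)


class OtpServer:
    """Destination-server side of claims 9-12 and 23-25 (hypothetical class)."""

    def __init__(self, authorized, pubkeys, lifetime_t, clock=time.monotonic):
        self.authorized = set(authorized)   # list of authorized e-mail addresses
        self.pubkeys = pubkeys              # e-mail -> (e, n) public key
        self.t = lifetime_t                 # predetermined time t, in seconds
        self.clock = clock                  # injectable so expiry can be tested
        self.pending = {}                   # e-mail -> (X, expiry time)

    def login_request(self, email):
        """Anonymous-ftp login with the e-mail address as password.
        Returns the encrypted random number X (the file placed in the user's
        anonymous directory), or None if the address is not authorized."""
        if email not in self.authorized:
            return None
        e, n = self.pubkeys[email]
        x = secrets.randbelow(n - 2) + 2            # random number X, 2 <= X < n
        self.pending[email] = (x, self.clock() + self.t)
        return pow(x, e, n)                         # textbook-RSA stand-in for PEM

    def verify(self, email, candidate):
        """Compare the decrypted X sent back in the clear with the stored X.
        The stored value is discarded on every attempt (one time use) and is
        rejected outright once time t has elapsed."""
        entry = self.pending.pop(email, None)
        if entry is None:
            return False
        x, expiry = entry
        if self.clock() > expiry:
            return False
        return hmac.compare_digest(f"{x:020d}".encode(), f"{candidate:020d}".encode())


def client_decrypt(encrypted_x, privkey=PRIV):
    """Client workstation: recover X with the user's private RSA key."""
    d, n = privkey
    return pow(encrypted_x, d, n)
```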